What Nurses Need to Know about HIPAA
Š
Health Insurance Portability and Accountability Act (HIPAA) • In mid 1990s Congress passed the Health Insurance Portability and Accountability Act (HIPAA) of 1996. As a step toward portability, HIPAA called for rules that would: –
Provide administrative simplification, basically by standardizing the interchange of medical data
–
Protect patient confidentiality
–
Protect the security of patient data
The law also provided for significant fines for violating standards (for wrongful disclosure of medical data)
Purpose of Module : HIPAA • The purpose of this module is to provide the student nurse and faculty with an understanding of what they need to know about HIPAA regulations and how they affect the day-to-day decisions concerning medical data
Objectives of Module • After reviewing this module, you should be able to : –
Describe the intent of the HIPAA regulation
–
Describe how HIPAA affects confidentiality
–
Describe how HIPAA affects information transfer
Introduction • Computers are being used more commonly in healthcare, and proved tremendous benefit
• However, there has also been a growing fear that this increasing use of computers for storing – Speed up procedures and transmitting – Ease of communication patient information – Access to patient data may undermine patient – Access to lab findings confidentiality
HIPAA • HIPAA addresses these problems along three major avenues: – Administrative simplification –
Patient Confidentiality
–
Data Security
Administrative Simplification • This will involve the personnel in information systems, medical records and administration. • However, nurses may be required to use new data gathering tools, new forms or programs due to the HIPAA process • A move to standardize the coding of electronic transfer of data to insurance agencies and other payers will be implemented with the HIPAA
Confidentiality • This section will affect nursing greatly – “General rule is that patient authorization is required for any use or disclosure of protected information that is not directly related to treatment, payment or health operations” This is to prevent unauthorized disclosures to anyone outside the agency or within the agency
Confidentiality Rules cover all forms of communication :
FAX
Kardex
Computer Screens Whiteboard for nursing assignment
MAR
Patient Charts
(Medication Administration Record) Communication Boards in Patient’s Room
Dietary Trays Lab slips or specimens
Patient Rooms J.T. Ellis N213 Patients must not be identified by any available data
Confidentiality in Special Settings • Home Health – Must not forget that the nurse is not a friend of the patient, but a professional even though the setting is more relaxed. Be careful NOT to reveal confidential information to neighbors, family or friends
• Long Term Care – In long term care residents have gotten to know one another, there may be questions about another resident. AVOID discussing a resident’s condition with another resident.
Confidentiality in Special Settings Psychiatric /Chemical Dependency Units – The law requires much more stringent protection of privacy in these settings. It is a violation of federal law to reveal or even confirm the identity of a patient in any psychiatric setting or chemical rehab.
• Other special Circumstances – HIV – Pregnancy – Sexual Abuse – Rape These patients are may be at risk for breach of confidentiality. Normally parents of minors are automatically given information regarding their child’s condition, but law varies from State to State. Know your state’s law.
Reporting Laws and Confidentiality • There are some exceptions to a caregiver’s obligation to keep information confidential – Threats Patients in psychiatric setting sometimes make threats to harm others. DO NOT try to decide if a threat is serious. REPORT any threats to instructor and staff.
– Suspected Abuse When you encounter any patient who appears to have been physically abused, you have a duty to report your suspicions. As a student, you will report to your instructor who will report to staff. As a nurse, you will be contacting your supervisor, social services and the police.
Other exceptions to confidentiality Criminal Wounds
Gunshots
Poisonings
Communicable Diseases and Emergency Circumstances
Deaths of an Uncertain Nature
Report to your supervisor and follow agency/state guidelines
How does this affect you? • As we visit clinical sites – we will be oriented to the agency’s guidelines for HIPAA implementation • Patient names will NOT be posted on Assignment Sheets • Patient information should NEVER be left visible to public Be careful as you are preparing the night before clinical to close charts, MAR, Kardex, etc. DO NOT LEAVE YOUR PAPERS VISIBLE TO OTHERS
• Computer screens should face away from public view while charting • Never leave patient’s computer screen up if you must leave to care for patient • Never leave information on computer screens for unauthorized persons to gain access – log off • Do NOT share computer codes
How does this affect you? • If you receive a fax, it must be placed in a secured area, face down • DO NOT XEROX portions of the patient’s chart, MAR, Lab/diagnostic findings • DO NOT DOWNLOAD patient information from the computer – Your instructor will advise you to any exceptions to these rules in your agency
Who Must Comply? • HIPAA law defines those who must comply as: All persons involved with access to patient information and medical records. (This includes Motlow’s clinical students/instructors) • Protected health information includes, but is NOT limited to: – Social Security Number –
Name
–
Address and phone number/ Fax number
–
Date of birth
–
Diagnosis
–
Email address
–
Medical record number
–
Any account numbers or patient information identifying the patient
Data Security • The third major portion of HIPAA is directly related to confidentiality. This is the maintaining the security of patient data, particularly when it is transmitted outside the institution. • Each agency will have a policy and procedure for the handling of transmission, security of computer systems and codes
Penalty • Under HIPAA, civil and even criminal penalties can be imposed on organizations and individuals for wrongful disclosure or other forms of noncompliance. Wrongful disclosure is defined as either knowingly or unknowingly sharing or disclosing information without patient/resident permission.
• A facility that does not follow these rules may: – Be responsible for civil penalties and fines that can quickly add up to thousands of dollars. – Be accused of criminal violations that can result in even higher fines and incarceration – Be excluded from participation in the Medicare Reimbursement Program
Penalties portion of HIPAA • Civil money penalties are $100.00 per violation, up to $25,000 per year for each requirement or prohibition violated • Criminal penalties are up to $50,000 and one year in prison for certain offenses. – Up to $100,000 fines and up to 5 years in prison if the offenses are committed under false pretenses – Up to $250,00 in fines and up to 10 years in prison if the information obtain is found to be used for commercial advantage, personal gain or malicious harm
What’s wrong in this picture? • What potential risks to confidetiality can you see or identify? • What potential risks to confidentiality do you see?
Conclusion • According to HIPAA legislation, when information must be communicated, you must make sure it is for treatment or billing or other uses within the law and within the policies/procedures of your institution
This has been an introduction to HIPAA. Your clinical agency will discuss specific policies/ procedures for their institution during orientation. Listen and Ask Questions if you do not understand how they want you to communicate!